Air Force turning to a service-oriented approach for IT applications

Jared Serbu reports.

The Air Force is cracking down on the latitude that program managers once had to
build their own technology infrastructure every time they built a new IT solution.

As part of the service's consolidation and
centralization of IT governance under the authority of its chief information
officer, the Air Force is instead implementing a service-oriented model for IT
infrastructure that the entire Air Force will use.

The Air Force is trying to abandon an era during which systems and networks tended
to grow up according to their own rules, each with their own models for security,
operations and sustainment.

The service busily has been building a common baseline of technology standards for
all systems to use as it gradually moves toward a DoDwide IT architecture, the
future Joint Information
Environment.

The next step is to implement a model for individual applications to use that
common, commodity-based infrastructure. The Air Force calls it the Service
Development and Delivery Process (SDDP), which it has been developing for the past
three years as a way to bring new capabilities online more quickly and at lower
cost.

To help implement the process, the Air Force created a new managed services office
(MSO), which will design and operate the infrastructure so that program managers
don't have to.

"The MSO will vet infrastructure service providers against those established
baseline requirements, and working as part of an integrated program office team,
it will deliver the capacity, storage, platform and other common services to
support application development, integration and production," said Brig. Gen.
Kimberly Crider, the mobilization assistant in the Air Force CIO's office. "We are
looking for capabilities to be developed and delivered as a service. Mission
application owners will plan and program for the infrastructure that they need,
and they will pay for the services that they use."

Six step process

In the SDDP model, officials in the Air Force's various mission areas will have to
think ahead about how they'll integrate their applications into the security and
other common services the Air Force will offer before they start building an IT
solution, Crider told an audience at AFCEA Northern Virginia's annual Air Force IT
Day Wednesday in Vienna, Va.

But she said it also will force them to think about whether they need to build
something new in the first place, or whether they can leverage or reuse
capabilities the Air Force already owns and operates elsewhere in the enterprise.

"It's a six-step process, and it starts with functional mission owners asking
themselves, 'What am I trying to do? What's the problem I'm trying to solve in my
functional community?'" she said. "It forces the functional community, before they
start zeroing in on a particular IT solution, to stop for a minute and think about
what problem they're trying to solve, and what the doctrine, training,
organizational and other institutional issues are implicated in solving that
problem. But if they get to the point where they decide they need a new IT
solution, they've now got to have a good set of bounded user requirements about
what this functional capability needs to do. That gets to a common problem. We've
got to have good requirements."

From there, Crider said, SDDP will have enforcement mechanisms that make sure new
applications can effectively interoperate in the shared environment before they're
allowed to tap into the new infrastructure.

"We have to make sure that the application coming in won't perturb the operational
baseline, and as that application performs its mission, the infrastructure
environment will support it though other integrated apps and it can get to all the
data that it needs," she said. "What a concept: We can think through all of that
up front, and build that out in a coordinated effort across development, test and
production. That's what SDDP is in a nutshell."

As a practical and operational matter, the Air Force can't eliminate the tens of
thousands of older applications that don't conform with its new common technology
baseline. So, many of those legacy technologies will stay in place while the Air
Force moves to a more standards-based IT ecosystem.

Commercial cloud a possibility

Crider said she believes the owners of those applications will have a strong
incentive to at least begin modifying them so they can take advantage of the
shared infrastructure.

"Many of them will remain in their current state," she said. "But many of them,
working with their program executive offices, will look at the business case for
migrating those applications into the commoditized, centrally-provided
infrastructure environment. Because once they get there, their process for updates
and releases should be much more streamlined, they'll be able to inherit
information assurance controls from the enterprise, and they'll be able to more
rapidly control functional capability, and they'll be able to achieve their
missions at a higher level of effectiveness at a much lower overall cost. It's
about new, it's about legacy, and it's about bringing everybody to a common
destination."

The Air Force, however, does not intend for all of its future IT infrastructure to
be government owned-and-operated.

Lt. Gen. Michael Basla, the Air Force CIO, said some applications will be better
served by commercially-hosted cloud environments. He said his service hopes to
have a way for Air Force officials to easily purchase cloud services that meet DoD
security standards very soon.

"We're going to have an organic capability, probably through (the Defense
Information Systems Agency)," he said. "I'm going to tell our functionals, 'Don't
build your own infrastructure. That's where you deploy to.'"